Submit #741647: Beijing Guoju Information Technology Co., Ltd JeecgBoot 3.9.0 SQL Injection

Title: Beijing Guoju Information Technology Co., Ltd JeecgBoot 3.9.0 SQL Injection
Description: JeecgBoot is a low-code development platform by Beijing Guoju Information Technology Co., Ltd. It helps teams build enterprise web systems faster with code generation, visual configuration, and reusable modules. The platform typically integrates Spring Boot, Spring Cloud, MyBatis-Plus, and Vue/Ant Design Vue, providing ready-made features such as user/role management, permissions, workflow, online forms, reports, and API support. It is used to accelerate CRUD-based business applications and improve development efficiency. In the JeecgBoot online report API /jeecgboot/sys/api/loadDictItemByKeyword, improper handling of subquery statements allows attackers to concatenate SQL statements outside the blacklist, resulting in an SQL injection vulnerability.
Source: https://www.yuque.com/meizhiyuwai/sks4nu/clircmda9b8q66lo?singleDoc
User: jjcc20220820 (UID 62296)
Submission: 01/18/2026 01:22 PM (3 months ago)
Moderation: 02/01/2026 06:12 PM (14 days later)
Status: Accepted
VulDB entry: 343677 [JeecgBoot 3.9.0 Online Report API loadDictItemByKeyword keyword sql injection]
Points: 20
